CVE Prioritization
Triage CVEs by EPSS, CISA KEV, PoC availability, attack complexity, and in-feed incidents.
- Total CVEs: 50
- Critical: 2
- KEV / Exploited: 0
- PoC Exists: 0
- Zero Day: 0
- Patch Available: 0

| CVE ID | Published | Severity | EPSS Score | Complexity | Status | PoC | Patch | Due Date | Feed Hits | Description | |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW | Details |
| | 09 Apr 2026 | MEDIUM 4.7 | 0.0% | LOW | — | — | — | — | 0 | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFree | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the | Details |
| | 09 Apr 2026 | HIGH 7.3 | 0.0% | LOW | — | — | — | — | 0 | A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without vali | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repe | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/ | Details |
| | 09 Apr 2026 | CRITICAL 9.8 | 0.0% | LOW | — | — | — | — | 0 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected throu | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification | Details |
| | 09 Apr 2026 | CRITICAL 9.3 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted e | Details |
| | 09 Apr 2026 | HIGH 7.4 | 0.0% | LOW | — | — | — | — | 0 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools validates the directo | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents end | Details |
| | 09 Apr 2026 | HIGH 7.7 | 0.0% | LOW | — | — | — | — | 0 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c | Details |
| | 09 Apr 2026 | HIGH 7.9 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unaut | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registr | Details |
| | 09 Apr 2026 | MEDIUM 6.2 | 0.0% | LOW | — | — | — | — | 0 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi | Details |
| | 09 Apr 2026 | HIGH 7.5 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call modu | Details |
| | 09 Apr 2026 | MEDIUM 6.2 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the e | Details |
| | 09 Apr 2026 | HIGH 7.2 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in | Details |
| | 09 Apr 2026 | HIGH 8.4 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the | Details |
| | 09 Apr 2026 | MEDIUM 5.4 | 0.0% | LOW | — | — | — | — | 0 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent | Details |
| | 09 Apr 2026 | — | 0.0% | — | — | — | — | — | 0 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a us | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed | Details |
| | 09 Apr 2026 | MEDIUM 4.8 | 0.0% | HIGH | — | — | — | — | 0 | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that | Details |
| | 09 Apr 2026 | HIGH 8.1 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSe | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scop | Details |
| | 09 Apr 2026 | MEDIUM 4.3 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireM | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an | Details |
| | 09 Apr 2026 | HIGH 8.8 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se | Details |
| | 09 Apr 2026 | HIGH 7.3 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite w | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status reso | Details |
| | 09 Apr 2026 | MEDIUM 4.8 | 0.0% | HIGH | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that al | Details |
| | 09 Apr 2026 | MEDIUM 5.1 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasReq | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that | Details |
| | 09 Apr 2026 | HIGH 7.1 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that u | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unautho | Details |
| | 09 Apr 2026 | HIGH 7.4 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail | Details |
| | 09 Apr 2026 | MEDIUM 4.8 | 0.0% | HIGH | — | — | — | — | 0 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows | Details |
| | 09 Apr 2026 | MEDIUM 6.5 | 0.0% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforci | Details |
| | 09 Apr 2026 | MEDIUM 5.3 | 0.1% | LOW | — | — | — | — | 0 | OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling t | Details |